linux/arch/powerpc/platforms
Kajol Jain 348c713441 powerpc/papr_scm: Fix buffer overflow issue with CONFIG_FORTIFY_SOURCE
With CONFIG_FORTIFY_SOURCE enabled, string functions will also perform
dynamic checks for string size which can panic the kernel, like in case
of overflow detection.

In papr_scm, the papr_scm_pmu_check_events function uses stat->stat_id with
string operations to populate the nvdimm_events_map array. Since the
stat_id variable is not NULL terminated, the kernel panics with
CONFIG_FORTIFY_SOURCE enabled at boot time.

Below are the logs of kernel panic:

  detected buffer overflow in __fortify_strlen
  ------------[ cut here ]------------
  kernel BUG at lib/string_helpers.c:980!
  Oops: Exception in kernel mode, sig: 5 [#1]
  NIP [c00000000077dad0] fortify_panic+0x28/0x38
  LR [c00000000077dacc] fortify_panic+0x24/0x38
  Call Trace:
  [c0000022d77836e0] [c00000000077dacc] fortify_panic+0x24/0x38 (unreliable)
  [c00800000deb2660] papr_scm_pmu_check_events.constprop.0+0x118/0x220 [papr_scm]
  [c00800000deb2cb0] papr_scm_probe+0x288/0x62c [papr_scm]
  [c0000000009b46a8] platform_probe+0x98/0x150

Fix this issue by using kmemdup_nul() to copy the content of
stat->stat_id directly to the nvdimm_events_map array.

mpe: stat->stat_id comes from the hypervisor, not userspace, so there is
no security exposure.

Fixes: 4c08d4bbc0 ("powerpc/papr_scm: Add perf interface support")
Signed-off-by: Kajol Jain <kjain@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20220505153451.35503-1-kjain@linux.ibm.com
2022-05-06 12:44:03 +10:00
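The failure mode the commit describes is a fixed-size identifier field that is not guaranteed to end in a NUL byte being handed to strlen()-style functions. The following is an added userspace model, not code from the kernel or from this patch: it assumes an 8-byte id field (the real field width, record layout and sample ids "CtlResCt"/"MedRCnt" are assumptions for illustration), models the FORTIFY_SOURCE object-size check as a function that returns -1 where the kernel would call fortify_panic(), and shows a kmemdup_nul()-style bounded copy that always produces a terminated string without reading past the source object.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed record layout (illustrative, not the kernel's struct): an 8-byte
 * id that may be fully used and therefore carry no terminating NUL. */
#define STAT_ID_LEN 8
struct stat_entry {
    char stat_id[STAT_ID_LEN];
    unsigned long long value;
};

/* Constructed sample input standing in for hypervisor-supplied entries.
 * The first id uses all 8 bytes (no NUL inside the object); the second is
 * shorter, so a NUL is present within the object. */
static const struct stat_entry sample_full  = { "CtlResCt", 1 }; /* 8 chars, no NUL */
static const struct stat_entry sample_short = { "MedRCnt",  2 }; /* 7 chars + NUL */

/* Model of what CONFIG_FORTIFY_SOURCE adds to strlen(): the compiler knows
 * the size of the object, so the walk for a terminator stops at the object
 * boundary. No terminator inside the object means the real strlen() would
 * have read past it; the kernel calls fortify_panic() there, this model
 * returns -1 instead. */
static long fortified_strlen(const char *p, size_t obj_size)
{
    size_t n = strnlen(p, obj_size);
    return (n == obj_size) ? -1 : (long)n;
}

/* Userspace stand-in for the kernel's kmemdup_nul(): copy exactly len
 * bytes from the source object and append a NUL. It never looks for a
 * terminator in the source, so it cannot overrun a non-terminated field. */
static char *dup_nul(const char *src, size_t len)
{
    char *dst = malloc(len + 1);
    if (!dst)
        return NULL;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return dst;
}

/* The fixed pattern: build the event-map name from the id with a bounded
 * copy instead of strlen()/strcpy() on the raw field. Caller frees. */
static char *copy_stat_id(const struct stat_entry *e)
{
    return dup_nul(e->stat_id, STAT_ID_LEN);
}

int main(void)
{
    const struct stat_entry *entries[] = { &sample_full, &sample_short };

    for (size_t i = 0; i < 2; i++) {
        const struct stat_entry *e = entries[i];
        long n = fortified_strlen(e->stat_id, STAT_ID_LEN);
        char *name = copy_stat_id(e);

        if (n < 0)
            printf("fortified strlen: would panic (no NUL within %d bytes)\n", STAT_ID_LEN);
        else
            printf("fortified strlen: %ld\n", n);
        printf("kmemdup_nul-style copy: \"%s\" (len %zu)\n", name, strlen(name));
        free(name);
    }
    return 0;
}
```

The fully-used id is exactly the case that tripped __fortify_strlen at boot: no terminator within the 8-byte object. The bounded copy never inspects the source for a terminator, so it behaves identically for both inputs and always returns a string of at most STAT_ID_LEN characters.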
Name             Last commit                                                          Date
4xx              powerpc updates for 5.17                                             2022-01-14 15:17:26 +01:00
8xx              powerpc: 8xx: fix a return value error in mpc8xx_pic_init            2022-03-09 21:46:55 +11:00
40x              powerpc/4xx: Complete removal of MSI support                         2021-12-09 11:52:20 +01:00
44x              powerpc updates for 5.17                                             2022-01-14 15:17:26 +01:00
52xx             powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE                    2021-12-02 22:57:22 +11:00
82xx             powerpc: Bulk conversion to generic_handle_domain_irq()              2021-08-12 11:39:41 +01:00
83xx             powerpc/83xx: Add __init attribute to eligible functions             2021-12-23 22:33:18 +11:00
85xx             powerpc/corenet: Change criteria to set MPIC_ENABLE_COREINT          2022-02-07 21:03:10 +11:00
86xx             powerpc/mpc86xx_hpcn: Remove obsolete statement                      2022-02-07 21:03:09 +11:00
512x             powerpc/512x: Add __init attribute to eligible functions             2021-12-23 22:33:19 +11:00
amigaone         powerpc/amigaone: Make amigaone_discover_phbs() static               2021-02-11 23:28:51 +11:00
book3s           powerpc/vas: Map paste address only if window is active              2022-03-08 00:04:55 +11:00
cell             powerpc: declare unmodified attribute_group usages const             2022-03-08 22:15:32 +11:00
chrp             powerpc/chrp: Add __init attribute to eligible functions             2021-12-23 22:33:13 +11:00
embedded6xx      powerpc/embedded6xx: Add __init attribute to eligible functions      2021-12-23 22:33:17 +11:00
maple            powerpc/64s: Make hash MMU support configurable                      2021-12-09 22:40:24 +11:00
microwatt        powerpc/microwatt: add POWER9_CPU, clear PPC_64S_HASH_MMU            2021-12-09 22:41:16 +11:00
pasemi           bitmap patches for 5.17-rc1                                          2022-01-23 06:20:44 +02:00
powermac         powerpc/machdep: Move sys_ctrler_t definition into pmac_feature.h    2022-02-07 21:02:20 +11:00
powernv          pci-v5.18-changes                                                    2022-03-25 13:02:05 -07:00
ps3              powerpc/ps3: remove unneeded semicolons                              2022-03-09 14:26:35 +11:00
pseries          powerpc/papr_scm: Fix buffer overflow issue with CONFIG_FORTIFY_SOURCE 2022-05-06 12:44:03 +10:00
fsl_uli1575.c
Kconfig          powerpc: Rename PPC_NATIVE to PPC_HASH_MMU_NATIVE                    2021-12-02 22:57:22 +11:00
Kconfig.cputype  powerpc/64e: Tie PPC_BOOK3E_64 to PPC_FSL_BOOK3E                     2022-03-08 22:07:41 +11:00
Makefile         powerpc: Add Microwatt platform                                      2021-06-21 21:15:26 +10:00